Warning: imagecreatefrompng(): gd-png: libpng warning: iCCP: known incorrect sRGB profile in /home/.sites/28/site3242728/web/cybecure/libraries/vendor/joomla/image/src/Image.php on line 703 Warning: imagecreatefrompng(): gd-png: libpng warning: Interlace handling should be turned on when using png_read_image in /home/.sites/28/site3242728/web/cybecure/libraries/vendor/joomla/image/src/Image.php on line 703

Best Practice

Thursday, 09 July 2020 10:59

Securing Zoom

Written by

A video conferencing tool Zoom has become more popular, due to the home working incentive created by the Covid-19 virus.

However, a new term Zoombombing now describes when an unauthorized person joins a Zoom meeting or chat session that has mischievous or malicious intent. These intruders have posted hate speech and pornography, resulting in a warning from the FBI for the users toi be diligent and cautious. These individuals have been sharing their Zoom meeting IDs, via online forums and even recording their attacks on TikTok and YouTube. An automated tool now exists to locate Zoom rooms and meetings.

Holding private meetings with the use of the waiting room and password features help to keep control of who can enter the meeting, and when inviting people for the meeting avoid doing so via public social media posts only sending the links to specific contacts with direct messaging. Also locking the meeting once everyone has entered, plus disabling the screen sharing for non-hosts will provide safer usage of this platform. As normally make sure to keep update to date with all updates and patches.

The Citizen Lab has looked into the end to end encryption that Zoom states in its marketing material. As of writting it uses a dated encrytioned method AES-128, which leaves patterns in the input from the video allowing intercepted images to remain visible. They also observed that during test calls in North America, meeting keys where being sent via servers in Beijing. This highlighted the potential limitations in cryptography and the possibility of nation state attack attempts. However, upon checking their website they have issued an update on the 17th june 2020, and this states the default encryption is now AES 256 GCM. Plus E2EE (End To End Encryption) as an early beta July 2020.

There was also a bug that needed to be fixed which meant the attacker could takeover a Mac user's computer that was using Zoom, so making sure to apply the updates and security patches is always a good idea.

Monday, 06 March 2017 09:57

Clicking Items In Emails

Written by

Can you really trust the sender's name and the links within the Emails you receive ?

Cybecure e.U

Commercial register number:: FN535449
Register court: Landesgericht Wels

Get In Touch

Address: Grünau im Almtal
Phone: +43 664 6431946

Email:
Website: www.cybecure.at

PGP Key

Why Cybecure

Cyberattacks on IoT increased 300% in 2019, due in large part to rapid adoption of IoT in combination with aging firmware and IT architectures. Many of these are unprecedented attacks and include seemingly impenetrable systems, including Apple’s iOS.

© 2020 Cybecure. All Rights Reserved.

Search

X

Right Click

No right click